CVE-2011-2700

Multiple buffer overflows in the si4713_write_econtrol_string function indrivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on theN900 platform might allow local users to cause a denial of service or haveunspecified other impact via a crafted s_ext_ctrls operation with a (1)V4L2_CID_RDS_TX_PS_NAME or (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.

Ubuntu-Description

Mauro Carvalho Chehab discovered that the si4713 radio driver did notcorrectly check the length of memory copies. If this hardware wasavailable, a local attacker could exploit this to crash the system or gainroot privileges.